-rw-r--r-- | includes/account.php | 7 | ||||
-rw-r--r-- | includes/general.php | 3 |
2 files changed, 10 insertions, 0 deletions
diff --git a/includes/account.php b/includes/account.php index b1ab984..5d45602 100644 --- a/includes/account.php +++ b/includes/account.php @@ -535,6 +535,13 @@ function buildSubjectFromSession() { exit; } + if(!isValidWildcard($_REQUEST['newdomain']) || strstr($_REQUEST['newdomain'],"*") !== false) { + showheader(_("My CAcert.org Account!")); + echo _("Your domain is not valid."); + showfooter(); + exit; + } + list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest while($newdomain['0'] == '-') $newdomain = substr($newdomain, 1); diff --git a/includes/general.php b/includes/general.php index f84ae5b..cd6d910 100644 --- a/includes/general.php +++ b/includes/general.php @@ -273,6 +273,9 @@ if(!preg_match('/^(\\.(?!-)[a-z0-9_-]*[a-z0-9])+$/i','.'.$name)){ return false; } + if(preg_match('/^(\\.[0-9]*)+$/i','.'.$name)){ + return false; + } return strpos($name, "*") === false; } |
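Review bot: The new validity check in includes/account.php runs on the raw `$_REQUEST['newdomain']`, while the code right below it derives `$newdomain` by taking the first space-separated token and stripping leading `-` characters, so the string that is validated is not the string that is used. Moving the check below that normalization and applying it to the derived value keeps check and use aligned: `if(!isValidWildcard($newdomain) || strpos($newdomain, "*") !== false) {`. `strpos` is also the usual call for a plain containment test, whereas `strstr` builds a substring that is then thrown away. The check assumes the parameter is a string; whether an array value is rejected earlier cannot be seen from here, because the enclosing block starts and ends outside the hunk.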
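Review bot: The pattern added in includes/general.php rejects a name only when every label consists of digits, so a name whose final label is numeric but which has a non-numeric label elsewhere still passes. If the intent is to keep address-like names out (inferred, the hunk carries no comment saying so), testing the last label alone is stricter and simpler, since no public top-level domain is all digits: `if(preg_match('/\\.[0-9]+\\z/','.'.$name)){`. In the pattern as written the `/i` flag has no effect on a digits-only class, and `[0-9]*` admits empty labels that the preceding check has already excluded. A one-line comment such as `// reject names that look like IP addresses` above the check would record the reason. The enclosing function starts outside the hunk.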